A NASA audit found that stock vendor contracts and lack of oversight are exposing it to potential security threats

An audit of NASA's public cloud computing contracts recently found that the space agency isn't meeting federal IT security requirements.

The NASA Office of Inspector General (OIG) recently audited the space agency's public cloud computing system and found that a combination of stock vendor contracts and lack of oversight are exposing it to potential security threats.

The OIG reviewed five NASA contracts in the audit, where four relied on the cloud providers' standard contracts and one was made by NASA. All five failed to meet "federal privacy, discovery, and data retention and destruction requirements" according to ZDNet.

In addition, the OIG found that a third-party cloud service that sends over 100 NASA internal and public websites had been operating without security plans or written authorization for more than two years.

To top it off, NASA's Office of the CIO wasn't clued in on all of the cloud services that different NASA organizations had used, and in many instances, the movement to public clouds was not planned through "a central office."

The OIG concluded that NASA's public cloud contracts are at increased risk of vulnerabilities and need to be addressed through a better-coordinated cloud strategy.

On the upside, moving to the cloud does save NASA about $1 million each year.

In 2012, NASA stopped using the Nebula private cloud and moved its data to Azure and Amazon Web Services. The audit, which only looked at a small portion of NASA's computer infrastructure, said up to 75 percent of new IT programs are expected to start in the cloud within five years, and almost all of NASA's public data could be moved to the cloud as well. As much as 40 percent of its legacy systems could go to the cloud, too.

When you say "NASA" and "cloud" in the same sentence, it can take on an entirely different meaning than "cloud" does with other companies... they are the National Aeronautics and Space Administration, after all.